CVE-2022-50799
📋 TL;DR
CVE-2022-50799 is a denial of service vulnerability in Fetch FTP Client 5.8.2 where attackers can send specially crafted FTP server responses exceeding 2K bytes to trigger 100% CPU consumption, potentially crashing the application. This affects users of Fetch FTP Client version 5.8.2 who connect to untrusted or compromised FTP servers.
💻 Affected Systems
- Fetch FTP Client
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete application crash and denial of service, rendering the FTP client unusable and potentially affecting system stability if CPU exhaustion impacts other processes.
Likely Case
Temporary denial of service where the FTP client becomes unresponsive or crashes, requiring restart of the application.
If Mitigated
Minimal impact if connecting only to trusted FTP servers with proper network segmentation and monitoring.
🎯 Exploit Status
Exploit code is publicly available and requires only the ability to send crafted FTP responses to the client. No authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.8.3 or later
Vendor Advisory: https://www.fetchsoftworks.com
Restart Required: Yes
Instructions:
1. Download the latest version from the Fetch Softworks website.
2. Install the update.
3. Restart the application.
🔧 Temporary Workarounds
Restrict FTP Server Connections
Only connect to trusted, known FTP servers to prevent exposure to malicious responses.
Network Segmentation
Isolate FTP client systems from untrusted networks using firewalls or network segmentation.
🧯 If You Can't Patch
- Use alternative FTP client software that is not vulnerable.
- Implement strict network controls to limit FTP client connections to trusted servers only.
🔍 How to Verify
Check if Vulnerable:
Check if using Fetch FTP Client version 5.8.2 via Help > About in the application.
Check Version:
Not applicable - check via application GUI
Verify Fix Applied:
Verify version is 5.8.3 or later in Help > About menu.
📡 Detection & Monitoring
Log Indicators:
- Application crash logs
- High CPU usage alerts from Fetch FTP Client process
Network Indicators:
- Unusual FTP traffic patterns with large server responses
- Multiple connection attempts to FTP servers
SIEM Query:
process.name:"Fetch" AND (event.action:"crash" OR cpu.usage > 90)
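To turn the "large server responses" network indicator into a concrete check, the following added example (not from the vendor or the CVE record) scans the reassembled server-to-client half of an FTP control connection and reports reply lines longer than the threshold. It assumes "2K bytes" means 2048 bytes measured per CRLF-terminated reply line; the function names and the sample stream are constructed for illustration.

```python
import re

LIMIT = 2048  # assumption: the advisory's "2K bytes" read as 2048 bytes per reply line

# FTP replies start with a three-digit code followed by a space or a hyphen.
REPLY_CODE = re.compile(rb"^(\d{3})[ -]")


def oversized_replies(server_bytes: bytes, limit: int = LIMIT):
    """Return (offset, length, code, terminated) for each reply line over limit.

    server_bytes is the server-to-client payload of one FTP control
    connection, for example exported from a packet capture.
    """
    findings = []
    offset = 0
    while offset < len(server_bytes):
        end = server_bytes.find(b"\r\n", offset)
        terminated = end != -1
        if not terminated:
            # Trailing data with no CRLF: still measure it, since a reply
            # that never terminates is itself worth reporting.
            end = len(server_bytes)
        line = server_bytes[offset:end]
        if len(line) > limit:
            match = REPLY_CODE.match(line)
            code = match.group(1).decode() if match else None
            findings.append((offset, len(line), code, terminated))
        offset = end + 2 if terminated else end
    return findings


def build_sample() -> bytes:
    # Constructed sample: three ordinary replies and one 3000-byte filler reply.
    return (b"220 ftp.example.test ready\r\n"
            b"331 Password required\r\n"
            b"230 " + b"A" * 2996 + b"\r\n"
            b"226 Transfer complete\r\n")


if __name__ == "__main__":
    for off, length, code, term in oversized_replies(build_sample()):
        print(f"offset={off} length={length} code={code} terminated={term}")
```

Legitimate servers can send long multi-line banners, but each line is normally short, so a single line over the threshold is the signal to review.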